05-20-2019 06:28 AM
Hello everybody,
after migrating my network equipment to Cisco DNAC I've changed the server certificate. After that, I can no longer initiate IOS updates with DNAC.
Error Message:
Failed to submit schedule - Creating a task schedule failed: Failed to validate "Create Distribute Task" scheduled to run at May 20, 2019 10:30 PM CEST: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.xxx.xxx.xxx' does not match the certificate subject provided by the peer (C=US, ST=CA, O=Test, OU=Test, CN=dna.test.intra)
How can I replace the PKI Trustpoint on the switches? Is there any chance to push it via the DNAC without discovering the whole campus again?
Best regards,
Johannes
05-20-2019 06:57 AM
05-22-2019 12:21 AM
Hi Mike,
thank you for your support. That's the way we'll do it.
For anyone who needs this template in the future, here's my syntax:
<MLTCMD>
crypto pki authenticate DNAC-CA
-----BEGIN CERTIFICATE-----
... Insert the certificate ...
-----END CERTIFICATE-----
quit
yes
</MLTCMD>
05-13-2020 06:21 AM
Hi,
Do you know how we can extract the default certificate from DNA Centre? Where is it stored?
05-14-2020 12:13 AM
Hi sherazmalik,
you can extract the server certificate directly from the browser.
If you want to extract the certificate from the switch, you can connect via CLI, cut out the part after certificate ca 00xxxxxxxxxxxx96, and save it on a system where OpenSSL is installed (e.g. DNAC) as file switch.hex.
This certificate can now be converted into the PEM format.
cat switch.hex | tr -d ' ' | xxd -r -p -c 32 | openssl x509 -inform der -out switch.pem
In switch.pem the certificate information is then in PEM format.
This can also be read out via OpenSSL:
openssl x509 -in switch.pem -text -noout
Alternatively, you can rename the file to the extension .cer and drag it to a Windows computer. Here the file can then be opened with the Windows crypto-shell extension.
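The manual cut-and-convert step from the last reply, as an added example that is not part of the original posts: it goes beyond the single certificate discussed there and pulls every certificate out of the `crypto pki certificate chain` blocks of a saved running-config, returning DER, PEM and a SHA-256 fingerprint for each. The function names are hypothetical, and the sample config is constructed with placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import re
import textwrap

KINDS = {"ca", "self-signed", "rollover"}   # keywords that can precede the serial
HEX_LINE = re.compile(r"^[0-9A-Fa-f ]+$")

# Constructed sample: placeholder bytes, NOT a real certificate.
SAMPLE_CONFIG = """\
crypto pki certificate chain DNAC-CA
 certificate ca 00AB12CD34EF5696
  30820122 3081CAA0 03020102 02090000
  DEADBEEF 0102
  \tquit
!
"""

def extract_certs(config_text):
    """Return one dict per certificate found in 'certificate chain' blocks."""
    certs, trustpoint, cur = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("crypto pki certificate chain "):
            trustpoint, cur = line.split()[-1], None
        elif trustpoint and cur is None and line.startswith("certificate "):
            serial = next((t for t in line.split()[1:] if t not in KINDS), "")
            cur = {"trustpoint": trustpoint, "serial": serial, "hex": ""}
        elif cur is not None and line == "quit":
            der = bytes.fromhex(cur.pop("hex"))
            cur.update(der=der, sha256=hashlib.sha256(der).hexdigest())
            certs.append(cur)
            cur = None
        elif cur is not None and HEX_LINE.match(line):
            cur["hex"] += line.replace(" ", "")
        else:
            cur = None          # anything else ends an unfinished block
    return certs

def to_pem(der):
    """Wrap DER bytes in PEM armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(textwrap.wrap(b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for c in extract_certs(SAMPLE_CONFIG):
        print(c["trustpoint"], c["serial"], c["sha256"])
        print(to_pem(c["der"]), end="")
```

With real config input, the `sha256` value can be compared against the output of `openssl x509 -in switch.pem -noout -fingerprint -sha256` (ignoring colons and case) to confirm which certificate a trustpoint holds.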